- About this Notice
1.1 This notice explains how and why Adlington Law Limited use personal data in connection with the work we do for our clients.
1.2 In this notice, when we talk about “personal data” we mean any information that relates to an identifiable natural person – for example, you.
1.3 You should read this notice if you or a third party is dealing with us in relation to a matter that we have been instructed by one of our clients to assist with.
1.4 Adlington Law Limited is a “controller” in relation to its use of your personal data. This is a legal term which means that we make decisions about how and why we use your personal data and, because of this, we are responsible for making sure it is used in accordance with Data Protection Laws. The Law requires us to provide you with the information in this notice so that you are aware of the personal data we collect about you, what we do with it and how you can exercise your rights in connection with it.
1.5 If you have any questions in relation to this, please contact email@example.com or write to us at Adlington Law Limited, Renaissance House, 4 East Terrace Business Park, Euxton Lane, Chorley, PR7 6TB.
- What types of personal data do we collect and where do we get it from?
2.1 The information we process about you broadly falls into three main categories:
(i) Contact Information;
(ii) Identity and Other Regulatory Information;
(iii) Matter Information.
2.2 Below appears the different types of personal data that we collect and where we collect it from:
Contact information name, address, telephone number, email address are collected from yourself or your financial advisor with your permission;
Identity and other regulatory information, such as your date of birth, Identification information (eg. passport, utility bill and/or bank statement) will be collected from you or your financial advisor. On occasion, and with your permission, we may approach third party providers such as Registry Offices to obtain copy Certificates.
Verifying your identity and some personal information is obtained from Credit Reference Agencies and this will have originated from publicly accessible sources. Credit Reference Agencies draw on the Electoral Register (also known as the Voters Roll), UK National Identity Register, International Sanctions list and International Politically Exposed Person(s) list. These checks will be carried out through our chosen Credit Reference Agency, Creditsafe (UK)
Matter information details relating to your matters including matter related communications between you and us or your financial advisors or third party solicitors (including recordings of telephone calls)
Additional personal information that we process in connection with a matter this includes details about your existing secured loans.
- What do we do with your personal data, and why?
3.1 We must always have a “lawful basis” (i.e. a reason, prescribed by law) for processing your personal data. Below, we set out the purposes for which we may process the different categories of your personal data – depending on the nature of your matter with us or our client – and the corresponding lawful basis for that processing. For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances
Matter Related Purpose
a) Responding to your enquiries and communicating with you (including by text, telephone, email and post)
- It is important that we can respond to your enquiries
b) Performing identity checks for verification and anti-money laundering purposes (including against third party sources)
- We need to make sure that we are dealing with the correct people, to prevent against identity fraud and protect our clients
c) Providing advice to you and your financial advisor and discussing with your Lender’s Solicitors in relation to your matter
- We need to be able to process your personal data as needed, to follow your instructions in connection with your matter
d) Assisting with the purchase or sale of your property
- We need to carry out this work to fulfil your instructions
Legal Regulatory Compliance and Reporting Purposes
e) Monitoring our systems and processes to identify, record and prevent fraudulent, criminal and/or otherwise illegal activity
- We need to be able to monitor our systems in this way to help protect all involved parties from illegal activity
f) Complying with instructions, orders and requests from law enforcement agencies, any court or otherwise as required by law
- This is our legal obligation
g) Complying with our general regulatory and statutory obligations (including our responsibilities under codes of conduct and anti-bribery laws)
- This is our legal obligation
h) Purchasing, maintaining and claiming against our insurance policies
- We must protect our business against specified losses and it is also a legal obligation
i) Training our staff
- This is a legal obligation. We will use your personal data when providing our staff with training to improve our service to you and manage risk.
j) For training and monitoring purposes, we record our telephone communications with you
k) Establishing and enforcing our legal rights and obligations and monitoring to identify and record fraudulent activity
- This is our legal obligation
l) Complying with instructions from law enforcement agencies, any court or otherwise as required by law
- This is our legal obligation
General Business Requirements
m) Obtaining legal advice and establishing, defending and enforcing our legal rights and obligations and monitoring to identify and record fraudulent activity
- This is our legal obligation. We must also be able to defend our business and asset our own legal rights
n) For our general record-keeping and client relationship management
- This is our legal obligation. We also need to store files so that we can refer back to them at a later date should we be required to do so
o) Managing the proposed sale, restructuring, transfer or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation
- This is our legal obligation and we also have a legitimate interest in being able to sell any part of our business should we wish to
p) Continuously reviewing and improving our products and services (including by seeking and obtaining your feedback) and developing new ones
- We have a legitimate interest in making sure that we are continuously improving our service
q) Maintaining the security and integrity of our systems, platforms, premises and communications (and detecting and preventing actual or potential threats to the same)
- We need to make sure our that our business processes are secure
In very limited circumstances, we may also process certain special categories of personal data (including, personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, health data or data about your sex life or sexual orientation), which require a higher standard of protection under applicable laws. For these special categories of personal data, different lawful basis apply. We only process this type of information about you where it is necessary for the establishment, exercise or defence of a legal claim against us or where it is necessary for reasons of substantial public interest (for example this could be where it is relevant to our advice to clients). We also have policies in place explaining our procedures for ensuring compliance with applicable laws in connection with the processing of personal data, and our practices in relation to the retention and erasure of personal data.
- Who do we share your personal data with, and why?
4.1 Sometimes we share your personal data with third parties where permitted by law, including the following:
4.1.1 Legal Counsel, other law firms and courts, as applicable in relation to legal services we provide;
4.1.2 courts and other judicial or official bodies, where we are asked to respond to a court order or other binding requests;
4.1.3 regulatory bodies and law enforcement authorities and agencies, where necessary for any investigations or to respond to enquiries in relation to our compliance with applicable law or regulations or in connection with criminal investigations, or where otherwise permitted or required by applicable law; and
4.1.4 our professional advisors (such as third party law firms and accountants) and other third parties in connection with our legitimate business activities.
These organisations may also use your personal data as a “controller” – and if so, they should have their own privacy notices which you should read, and they have their own responsibilities to comply with applicable data protection laws.
4.2 We also ask third party service providers to carry out certain business functions for us. These include IT support, cloud platform and data hosting providers who help us with the operation of our websites, mobile applications, data rooms, document and workflow management systems and other systems and applications. We will have in place an agreement with our service providers which will restrict how they are able to process your personal data and impose appropriate security standards on them
- How do we keep your personal data secure?
5.1 We will put in place appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage
5.2 With regard to any personal data you submit to us online, we cannot guarantee the security of data sent to us in this way. Transmission of data over the internet is at your own risk. You are responsible for keeping any passwords you use to access Adlington Law Limited platforms safe
- How long do we keep your personal data for?
6.1 We will only retain your personal data for a limited period of time, and for no longer than is necessary for the purposes for which we are processing it for. This will depend on a number of factors, including:
6.1.1 any laws or regulations that we are required to follow;
6.1.2 whether we are in a legal or other type of dispute with each other or any third party;
6.1.3 the type of information that we hold about you; and
6.1.4 whether we are asked by you or a regulatory authority to keep your personal data for a valid reason
- Is your personal information transferred outside the UK or the EEA?
7.1 Data Protection laws impose restrictions on the transfer of personal data outside the UK to any European country or beyond. Adlington Law will not transfer any of your personal data outside the UK.
- What are your privacy rights and how can you exercise them?
8.1 The processing of your personal data is done with your express consent. Should you withdraw your consent at any time, we will cease to process it unless we have some legal basis to do so.
8.2 Where our processing of your personal data is based on legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
8.3 Depending on the circumstances, you may have the right to:
8.3.1 access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the recipients or categories of recipient to whom it is disclosed and the period for which it will be stored;
8.3.2 require us to correct any inaccuracies in your personal data without undue delay;
8.3.3 require us to erase your personal data;
8.3.4 require us to restrict processing of your personal data;
8.3.5 receive the personal data which you have provided to us, in a machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us and where the processing is automated; and
8.3.6 object to a decision that we make which is based solely on automated processing of your personal data. There are some limits and exceptions to this right
8.4 Please contact firstname.lastname@example.org or send a letter to Adlington Law Limited, Renaissance House, 4 East Terrace Business Park, Euxton Lane, Chorley, PR7 6TB if you would like to exercise any of your privacy rights.
8.5 Should you have any concerns about how your personal data is dealt with, please contact us so that we can try to resolve your concerns. However, should you feel we have breached our obligations under data protection laws, you are entitled to submit a complaint with the Information Commissioner’s Office, which enforces data protection laws: https://ico.org.uk. For more information on all of the above rights, you can contact our Data Protection Officer.